Friday, 16 May 2014

GDS and security, Mae West and Estonia (Mae Westonia?)

Servicemen during the Second World War kept their morale up in many ways. Among others by having pin-ups, dear old Mae West among them.

70 years later, the wars are different, sentiment has moved on and the front line in digital services has a new pin-up – Estonia.

Some things never change, of course. The fascination with vital statistics, for example – only the other day, there was Jordan Hatch of GDS, the UK Government Digital Service, transfixed by Estonia's dashboard :)

@tomskitomski I was there a couple of weeks ago. Isn’t it great! Make sure to get a demo of the dashboard of all the citizen data :)
— Jordan Hatch (@1jh) May 12, 2014

And not just him. His boss, too, Public Servant of the Year ex-Guardian man Mike Bracken CBE:

You don't need to use army issue any more, you can bring your own device, BYOD. That's got to be a morale-booster in any language. That and the "police record query".

But what's all this about "graffiti" and "retrofuturism"?

No mystery. Cast your mind back to October 2012. And even to May 2012 when Francis Maude, Cabinet Office minister, went over to Estonia and actually met the future.

Which leaves just one tweet requiring explanation – why does eVoting suddenly get a mention? What is @sikkut's point that is being "completely taken"?

It helps if you know that @sikkut is Siim Sikkut, the National ICT Policy Adviser in the Government Office of Estonia: "My job is to help the government shape the future of information society and ICT sector in Estonia".

He was defending the honour of Estonia. Certain persons were impugning it. And Siim's point was that you always get deadbeats like that turning up. Just ignore them. That's the point that was "completely taken". There's nothing to see here.

And who are these deadbeats?

The University of Michigan (@umich) and the Open Rights Group.

Acting in concert, these fifth columnists have examined Estonia's electronic voting service and – how dare they? – declared that it is defective. It's not clear, they say, that in an election the result would be determined by the voters. Instead, the election could be hijacked by malware under the control of a foreign power:

Mr Kitcat didn't choose Russia as his example at random. Russia brought Estonia to its knees back in 2007. Very easily. Using a simple distributed denial of service attack, DDoS. Which worked precisely because Estonia is so dependent on digital public services. Is that what we want in the UK?

You need to know that Jason Kitcat is Leader of Brighton & Hove City Council, a Green city councillor, a member of the Open Knowledge "worldwide non-profit network of people passionate about openness", a member of the Open Rights Group (ORG) and the founder of the free e-democracy project: "This project evangelised the use of Free Software in government". He's obviously in favour of digital government.

And he's convinced that Estonia's eVoting system fails the tests for democratic legitimacy. Not just him/ORG but also the University of Michigan, who demonstrated that not only Estonia's but also Washington DC's eVoting system doesn't work, please see Hacker infiltration ends D.C. online voting trial.

ORG and @umich have put together a video of their findings:

Estonia has issued a statement: "We believe that online balloting allows us to achieve a level of security greater than what is possible with paper ballots".

And ORG/@umich have responded: "The Election Committee have failed to demonstrate or prove this very significant claim. Our independent and detailed analysis of their system’s procedures, design and available source code suggests that the system provides security far below that of a well-run paper-based election".

"Estonia is a model for all of us", we were told. Not if ORG/@umich are right, it isn't.

"Estonia has become the home of NATO Cooperative Cyber Defence Centre of Excellence and Estonian President Toomas Hendrik Ilves has become one of the most vocal cybersecurity advocates on the world stage". So said Sten Tamkivi. And a fat lot of use that is, if ORG/@umich are right.

You're in the UK. Not Estonia. What do you do? The symbol of your digital government mission is being impugned, morale among the troops could collapse, you risk being unmasked, how do you respond?

Never mind. No-one cares how you'd respond. This is how GDS responded:

Tom Loosemore (@tomskitomski), in the Twitter thread above, is No.2 at GDS to Public Servant of the year ex-Guardian man Mike Bracken CBE. Tony Bowden (@tmtm) works for mySociety and is based in Tallinn.

It's a small world. In his extraordinary speech to the Code for America Summit last October (3'18") Public Servant of the year ex-Guardian man Mike Bracken CBE explained that 10 years before, he had been at mySociety, making the tea for Saul Tom Steinberg, who developed digital services that the two of them couldn't give away to UK local authorities for free.

How long before the same thing happens to electronic voting systems?

Several times already, we have noted GDS's disinclination to take security seriously. This case of the ORG/@umich report on eVoting in Estonia is an egregious example of the problem. Faced with a security challenge to democracy, GDS respond by talking about dashboards and graffiti, BYOD and travel expenses – anything, really, apart from the problem.

How long before the servicemen tear down the pictures of Estonia currently stuck up on their locker doors, revealing the dependable Mae West behind?

----------

Jason Kitcat is standing for election to the European Parliament next week. You could vote for him if you like. Or against. On paper.

According to Sky, "Estonia intends to back up crucial national databases in the UK and other countries".

How would that help?

"Planned 'data embassies' would allow the Estonian government to 'operate in the cloud' – maintaining the normal operations of state digitally, even if its physical territory is occupied by an invading force".

It wouldn't.

If Estonia's "physical territory is occupied by an invading force" then having its "crucial national databases" backed up in the UK or anywhere else wouldn't help and it's baffling self-deception to believe that it would.

"Estonia has arguably the most advanced digital government in the world" – fat lot of use that is.

... Wang, a Canadian-Taiwanese user experience designer ... qualified for an Estonian ID card ... foreigners like Wang are set to gain extended access to some services with Talinn’s new initiative – e-residency ... Wang says she will be applying for e-residency, although she admits she doesn’t know much about it, and is not yet convinced it will give her access to more benefits ...

Updated 20.2.15

Is electronic voting secure? Will the result of an electronic election be determined by the voters or by the best hackers?

Jason Kitcat, the Open Rights Group and the University of Michigan say no, it's not secure, please see above.

Estonia says yes, it is secure, please see above.

Who do you believe?

Forget that. It doesn't matter what you believe.

The question is what does the Speaker's Commission believe? We refer here to the Speaker of the UK Parliament and his Commission on Digital Democracy, which has just tweeted the following:

"Check it out" means watch this chirpy little BBC film – ID cards are great, eVoting is great, it only takes 19 seconds to complete your tax return because the Revenue already know everything about your financial affairs anyway, etc ... Don't miss the punchlines: you have to trust the government implicitly; and Russia can bring your country to its knees quickly and painlessly using nothing more than a computer:

Updated 12.4.15

Six months ago Martha Lane Fox gave it as her opinion that Online voting should be made mandatory. What about all the problems associated with eVoting? "Of course we can cover for all the fraud and I don’t think it makes the procedure any less robust, in fact quite the opposite", she said.

Never mind all the hard work that went into designing the Estonian eVoting scheme and the Washington DC one, and never mind all the hard work put in checking them by the University of Michigan and the Open Rights Group, please see above, Martha Lane Fox thinks eVoting is robust or, more of a double negative, she doesn't think that it's not robust. What's more it should be mandatory.

That may be sufficient reason for some people. After all, Martha Lane Fox is the salesman who successfully promoted digital-by-default to the British government. There can't be much that she doesn't know about technology. Can there? Or government policy-making. Or democracy.

Before your confidence in Martha Lane Fox gives you undentable confidence in mandatory eVoting you should note that your confidence may be dented by a speech given a fortnight ago by ... Martha Lane Fox.

Cybercrime is a bit of a problem on the internet, she said. Cybercrime would presumably include warping election results.

A new institution should be set up she said, DotEveryone, to solve the problem of cybercrime: "That, for me, would be DOT EVERYONE’s third big task – help us embed our national values in the digital world ... It will make sure the UK fills the moral and ethical gap that exists at the heart of discussions about the internet".

In other words, she doesn't yet know how to solve the problem and she can't have done six months before when she nevertheless declared eVoting to be safe and declared without reason that it should be mandatory.

Updated 19.4.15

Who's at the other end of the computer?

Martha Lane Fox and other salesmen may try to convince you that eVoting is safe. And inevitable. And many of you may be convinced.

Not so the SNP (the Scottish National Party).

They're not falling for it.

They take it as axiomatic that MI5 can use computers to intervene in any British ballot to produce the result they want:

... “I couldn’t work out how it was possible to interfere on any scale with the postal ballot,” Andy Anderson, one of the authors, told the Telegraph. “You need the ballot paper number, the signature and date of birth of the voter. Then it occurred to me. All that information went into a computer – and who’s at the other end of the computer in London? MI5” ...

Updated 6.9.17

The estonian world website said yesterday Possible security risk affects 750,000 Estonian ID-cards: "all the cards issued to e-residents are also affected ... we have restricted the access to Estonian ID-card public key database to prevent illegal use ... some Estonian politicians called to postpone the upcoming local elections, due to take place on 16 October".

Bruce Schneier, who knows a thing or two about security, says: "We have no idea how bad this really is ... My guess is that it's worse than the politicians are saying ... And because this system is so important in local politics, the effects are significant ... This is exactly the sort of thing I worry about as ID systems become more prevalent and more centralized. Anyone want to place bets on whether a foreign country is going to try to hack the next Estonian election?".

In view of the impending retirement of Sir Gus O'Donnell , Sir Richard Mottram conducted a review of Whitehall and identified seven abi...

Breakfast, anyone?

£10-worth of intelligent artifice, now ranked 4,915,029 7,300,721 on Amazon!

They said it first:

The relentless growth in size and functions of the Department of State and the relatively high level in calibre of those who staff them, coupled with the steady decline in importance of and function of MPs, has led to a gradual transfer of power and influence from the floor of the House of Commons to the private rooms of permanent civil servants.

I breakfasted at Mr. Falconer's well, and much pleased with my inquiries. Thence to the dock, where we walked in Mr. Shelden's garden, eating more fruit, and drinking, and eating figs, which were very good, and talking while the Royal James was bringing towards the dock, and then we went out and saw the manner and trouble of docking such a ship, which yet they could not do, but only brought her head into the Dock, and so shored her up till next tide. But, good God! what a deal of company was there from both yards to help to do it, when half the company would have done it as well. But I see it is impossible for the King to have things done as cheap as other men.

Housewives as a whole cannot be trusted to buy all the right things, where nutrition and health are concerned. This is really no more than an extension of the principle according to which the housewife herself would not trust a child of four to select the week’s purchases. For in the case of nutrition and health, just as in the case of education, the gentleman in Whitehall really does know better what is good for people than the people know themselves.

... civil servants have years of experience, jobs for life, and a budget of hundreds of billions of pounds, while ministers have, usually, little or no experience of the job and could be kicked out tomorrow. After researching and writing 44 episodes and a play, I find government much easier to understand by looking at ministers as public relations consultants to the real government – which is, of course, the Civil Service.

His [Steve Hilton's] hour-long class on “How to make change happen in government” offers a startling insight into the frustration of Cameron’s inner circle at its own impotence in the face of the formidable Whitehall machine.

Those who optimistically believe they are breaking new ground by improving the online experience are often merely tracing footprints on a path already much trodden, reinventing and rediscovering anew the same things – from a common website to cross-government platforms. The result has been several generations of faster horses.